FAQ: Resolving IP Numbers

When I look at the top hosts and top domains, all I see are numbers (IP addresses).
How do I get the domain information?

Short Answer

Turn on reverse DNS lookup in the Network options (or in your web server),
or use Sawmill's "look up IP numbers using DNS" feature.

Long Answer

Your web server is tracking the IP numbers of visitors, but not
their hostnames or domains.
If you need hostname or domain information, you need to tell Sawmill
(or your web server) to look up the IP addresses using DNS (domain name service).
One way to do this is to turn on DNS lookup in your web server; that will slow down
your server, but then Sawmill will report hostnames and domains without any performance penalty during
log data processing.

If you're not willing to take the performance hit on your server,
or if you want to analyze log data that has already been generated with IP addresses,
you can turn on Sawmill's reverse DNS feature like this:

A third option is to use a separate DNS resolving program to process your
log files after the server is done writing them, and before Sawmill analyzes them.
Examples include logresolve, which is included with the popular Apache web server,
and DNSTran, which runs on several platforms including
Macintosh, Linux, Solaris, and IRIX.

If you're using UNIX or MacOS X,
another good option is adns,
an asynchronous DNS lookup library that includes some command-line tools for
looking up IP addresses, including adnslogres (for Common Access format
and Apache Combined format files) and adnsresfilter (for other
types of log files). For instance, you can use the command "adnsresfilter < /path/to/my/log.file"
as your log source command to use adns. adns is faster than logresolve, but
more difficult to configure initially.

You can plug any command-line DNS resolver
directly into Sawmill by using a command log source, and entering a UNIX command that
resolves the IPs in the log file and dumps the resolved log data
to the standard output stream, in this case:

logresolve < /path/to/my/log.file

Once you've done that,
Sawmill will automatically run logresolve when you process your log data, and
it will resolve the data before feeding it to Sawmill.
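
A hostname returned by reverse DNS is set by whoever controls the reverse zone for that IP address, so a resolved name in a report is only as trustworthy as that PTR record. The following is an added example (not part of Sawmill, Apache, or adns) of a stdin-to-stdout resolver, like the ones described above, that keeps the IP address unless the name also resolves forward to the same address. It assumes the IPv4 address is the first field of each line, as in Common and Combined format.

```python
#!/usr/bin/env python3
"""Added example: log resolver filter with forward-confirmed reverse DNS."""
import re
import socket
import sys

# Leading IPv4 address, as in Common/Combined access log lines.
LEADING_IP = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?=\s)")
# Only these characters may be written into the log as a hostname.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,253}")


def dns_reverse(ip):
    """PTR lookup; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def dns_forward(name):
    """Forward lookup; returns the set of IPv4 addresses for name."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except (OSError, UnicodeError):
        return set()


def confirmed_name(ip, reverse=dns_reverse, forward=dns_forward, cache=None):
    """Return the PTR name only if it is well-formed and resolves back to ip."""
    cache = {} if cache is None else cache
    if ip not in cache:
        name = reverse(ip)
        ok = bool(name) and SAFE_NAME.fullmatch(name) and ip in forward(name)
        cache[ip] = name.lower() if ok else ip  # unconfirmed: keep the IP
    return cache[ip]


def resolve_line(line, **kw):
    """Replace the leading IP of one log line with its confirmed hostname."""
    m = LEADING_IP.match(line)
    return line if not m else confirmed_name(m.group(1), **kw) + line[m.end():]


if __name__ == "__main__":
    seen = {}  # one lookup per distinct IP across the whole file
    for raw in sys.stdin:
        sys.stdout.write(resolve_line(raw, cache=seen))
```

Saved under a name of your choice (for example the hypothetical fcrdns_filter.py), it is used as a command log source the same way as logresolve: "python3 fcrdns_filter.py < /path/to/my/log.file".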